OpenVPN
test_pkt.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27 
28 #include "syshead.h"
29 
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <stdarg.h>
33 #include <string.h>
34 #include <setjmp.h>
35 #include <cmocka.h>
36 #include "test_common.h"
37 
38 #include "crypto.h"
39 #include "options.h"
40 #include "ssl_backend.h"
41 #include "ssl_pkt.h"
42 #include "tls_crypt.h"
43 
44 #include "mss.h"
45 #include "reliable.h"
46 
47 int
48 parse_line(const char *line, char **p, const int n, const char *file,
49  const int line_num, int msglevel, struct gc_arena *gc)
50 {
51  /* Dummy function to get the linker happy, should never be called */
52  assert_true(false);
53  return 0;
54 }
55 
56 /* Define this function here as dummy since including the ssl_*.c files
57  * leads to having to include even more unrelated code */
58 bool
59 key_state_export_keying_material(struct tls_session *session,
60  const char *label, size_t label_size,
61  void *ekm, size_t ekm_size)
62 {
63  ASSERT(0);
64 }
65 
66 const char *
67 print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc)
68 {
69  return "dummy print_link_socket_actual from unit test";
70 }
71 
72 struct test_pkt_context {
73  struct tls_auth_standalone tas_tls_auth;
74  struct tls_auth_standalone tas_crypt;
75 };
76 
77 const char static_key[] = "<tls-auth>\n"
78  "-----BEGIN OpenVPN Static key V1-----\n"
79  "37268ea8f95d7f71f9fb8fc03770c460\n"
80  "daf714a483d815c013ce0a537efc18f2\n"
81  "8f4f172669d9e6a413bac6741d8ea054\n"
82  "00f49b7fd6326470f23798c606bf53d4\n"
83  "de63ebc64ec59d57ce5d04d5b62e68b5\n"
84  "3ca6e5354351097fa370446c4d269f18\n"
85  "7bb6ae54af2dc70ff7317fe2f8754b82\n"
86  "82aad4202f9fa42c8640245d883e2c54\n"
87  "a0c1c489a036cf3a8964d8d289c1583b\n"
88  "9447c262b1da5fd167a5d27bd5ac5143\n"
89  "17bc2343a31a2efc38dd920d910375f5\n"
90  "1c2e27f3afd36c49269da079f7ce466e\n"
91  "bb0f9ad13e9bbb4665974e6bc24b513c\n"
92  "5700393bf4a3e7f967e2f384069ac8a8\n"
93  "e78b18b15604993fd16515cce9c0f3e4\n"
94  "2b4126b999005ade802797b0eeb8b9e6\n"
95  "-----END OpenVPN Static key V1-----\n"
96  "</tls-auth>\n";
97 
98 const uint8_t client_reset_v2_none[] =
99 { 0x38, 0x68, 0x91, 0x92, 0x3f, 0xa3, 0x10, 0x34,
100  0x37, 0x00, 0x00, 0x00, 0x00, 0x00 };
101 
102 const uint8_t client_reset_v2_tls_auth[] =
103 { 0x38, 0xde, 0x69, 0x4c, 0x5c, 0x7b, 0xfb, 0xa2,
104  0x74, 0x93, 0x53, 0x7c, 0x1d, 0xed, 0x4e, 0x78,
105  0x15, 0x29, 0xae, 0x7c, 0xfe, 0x4b, 0x8c, 0x6d,
106  0x6b, 0x2b, 0x51, 0xf0, 0x5a, 0x00, 0x00, 0x00,
107  0x01, 0x61, 0xd3, 0xbf, 0x6c, 0x00, 0x00, 0x00,
108  0x00, 0x00};
109 
110 const uint8_t client_reset_v2_tls_crypt[] =
111 {0x38, 0xf4, 0x19, 0xcb, 0x12, 0xd1, 0xf9, 0xe4,
112  0x8f, 0x00, 0x00, 0x00, 0x01, 0x61, 0xd3, 0xf8,
113  0xe1, 0x33, 0x02, 0x06, 0xf5, 0x68, 0x02, 0xbe,
114  0x44, 0xfb, 0xed, 0x90, 0x50, 0x64, 0xe3, 0xdb,
115  0x43, 0x41, 0x6b, 0xec, 0x5e, 0x52, 0x67, 0x19,
116  0x46, 0x2b, 0x7e, 0xb9, 0x0c, 0x96, 0xde, 0xfc,
117  0x9b, 0x05, 0xc4, 0x48, 0x79, 0xf7};
118 
119 /* Valid tls-auth client CONTROL_V1 packet with random server id */
120 const uint8_t client_ack_tls_auth_randomid[] = {
121  0x20, 0x14, 0x01, 0x4e, 0xbc, 0x80, 0xc6, 0x14,
122  0x2b, 0x7b, 0xc8, 0x76, 0xfb, 0xc5, 0x2e, 0x27,
123  0xb1, 0xc5, 0x07, 0x35, 0x5b, 0xb6, 0x00, 0x6b,
124  0xae, 0x71, 0xba, 0x4e, 0x38, 0x00, 0x00, 0x00,
125  0x03, 0x61, 0xd3, 0xff, 0x53, 0x00, 0x00, 0x00,
126  0x00, 0x01, 0x16, 0x03, 0x01, 0x01, 0x0c, 0x01,
127  0x00, 0x01, 0x08, 0x03, 0x03, 0x8c, 0xaa, 0xac,
128  0x3a, 0x1a, 0x07, 0xbd, 0xe7, 0xb7, 0x50, 0x06,
129  0x9b, 0x94, 0x0c, 0x34, 0x4b, 0x5a, 0x35, 0xca,
130  0xc4, 0x79, 0xbd, 0xc9, 0x09, 0xb0, 0x7b, 0xd9,
131  0xee, 0xbb, 0x7d, 0xe7, 0x25, 0x20, 0x39, 0x38,
132  0xe2, 0x18, 0x33, 0x36, 0x14, 0x9f, 0x34, 0xf0,
133  0x44, 0x59, 0x96, 0x8d, 0x0e, 0xd2, 0x47, 0x76,
134  0x64, 0x88, 0x59, 0xe9, 0x38, 0x03, 0x97, 0x96,
135  0x98, 0x45, 0xfb, 0xf5, 0xff, 0x23, 0x00, 0x32,
136  0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 0xc0, 0x2c,
137  0xc0, 0x30, 0x00, 0x9f, 0xcc, 0xa9, 0xcc, 0xa8,
138  0xcc, 0xaa, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
139  0xc0, 0x24, 0xc0, 0x28, 0x00, 0x6b, 0xc0, 0x23,
140  0xc0, 0x27, 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x14,
141  0x00, 0x39, 0xc0, 0x09, 0xc0, 0x13, 0x00, 0x33,
142  0x00, 0xff, 0x01, 0x00, 0x00, 0x8d, 0x00, 0x0b,
143  0x00, 0x04, 0x03, 0x00, 0x01, 0x02, 0x00, 0x0a,
144  0x00, 0x0c, 0x00, 0x0a, 0x00, 0x1d, 0x00, 0x17,
145  0x00, 0x1e, 0x00, 0x19, 0x00, 0x18, 0x00, 0x16,
146  0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x0d,
147  0x00, 0x30, 0x00, 0x2e, 0x04, 0x03, 0x05, 0x03,
148  0x06, 0x03, 0x08, 0x07, 0x08, 0x08, 0x08, 0x09,
149  0x08, 0x0a, 0x08, 0x0b, 0x08, 0x04, 0x08, 0x05,
150  0x08, 0x06, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01,
151  0x03, 0x03, 0x02, 0x03, 0x03, 0x01, 0x02, 0x01,
152  0x03, 0x02, 0x02, 0x02, 0x04, 0x02, 0x05, 0x02,
153  0x06, 0x02, 0x00, 0x2b, 0x00, 0x05, 0x04, 0x03,
154  0x04, 0x03, 0x03, 0x00, 0x2d, 0x00, 0x02, 0x01,
155  0x01, 0x00, 0x33, 0x00, 0x26, 0x00, 0x24, 0x00,
156  0x1d, 0x00, 0x20, 0x0e, 0xc9, 0x7a, 0xff, 0x58,
157  0xdb, 0x56, 0xf6, 0x40, 0xd1, 0xed, 0xdb, 0x91,
158  0x81, 0xd6, 0xef, 0x83, 0x86, 0x8a, 0xb2, 0x3d,
159  0x88, 0x92, 0x3f, 0xd8, 0x51, 0x9c, 0xd6, 0x26,
160  0x56, 0x33, 0x6b
161 };
162 
163 /* This is a truncated packet as we do not care for the TLS payload in the
164  * unit test */
165 const uint8_t client_control_with_ack[] = {
166  0x20, 0x78, 0x19, 0xbf, 0x2e, 0xbc, 0xd1, 0x9a,
167  0x45, 0x01, 0x00, 0x00, 0x00, 0x00, 0xea,
168  0xfe, 0xbf, 0xa4, 0x41, 0x8a, 0xe3, 0x1b,
169  0x00, 0x00, 0x00, 0x01, 0x16, 0x03, 0x01
170 };
171 
172 const uint8_t client_ack_none_random_id[] = {
173  0x28, 0xae, 0xb9, 0xaf, 0xe1, 0xf0, 0x1d, 0x79,
174  0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0xdd,
175  0x85, 0xdb, 0x53, 0x56, 0x23, 0xb0, 0x2e
176 };
177 
178 struct tls_auth_standalone
179 init_tas_auth(int key_direction)
180 {
181  struct tls_auth_standalone tas = { 0 };
182  struct frame frame = { {.headroom = 200, .payload_size = 1400}, 0};
183  tas.frame = frame;
184 
185  tas.tls_wrap.mode = TLS_WRAP_AUTH;
186  /* we ignore packet ids on for the first packet check */
187  tas.tls_wrap.opt.flags |= (CO_IGNORE_PACKET_ID|CO_PACKET_ID_LONG_FORM);
188 
189  struct key_type tls_crypt_kt;
190  init_key_type(&tls_crypt_kt, "none", "SHA1", true, false);
191 
192  crypto_read_openvpn_key(&tls_crypt_kt, &tas.tls_wrap.opt.key_ctx_bi,
193  static_key, true, key_direction,
194  "Control Channel Authentication", "tls-auth",
195  NULL);
196  tas.workbuf = alloc_buf(1600);
197 
198  return tas;
199 }
200 
201 struct tls_auth_standalone
202 init_tas_crypt(bool server)
203 {
204  struct tls_auth_standalone tas = { 0 };
205  tas.tls_wrap.mode = TLS_WRAP_CRYPT;
206  tas.tls_wrap.opt.flags |= (CO_IGNORE_PACKET_ID|CO_PACKET_ID_LONG_FORM);
207 
208  tls_crypt_init_key(&tas.tls_wrap.opt.key_ctx_bi,
209  &tas.tls_wrap.original_wrap_keydata, static_key,
210  true, server);
211  tas.workbuf = alloc_buf(1600);
212  tas.tls_wrap.work = alloc_buf(1600);
213 
214  return tas;
215 }
216 
217 void
218 free_tas(struct tls_auth_standalone *tas)
219 {
220  /* Not some of these might be null pointers but calling free on null
221  * pointers is a noop */
222  free_key_ctx_bi(&tas->tls_wrap.opt.key_ctx_bi);
223  free_buf(&tas->workbuf);
224  free_buf(&tas->tls_wrap.work);
225 }
226 
227 void
228 test_tls_decrypt_lite_crypt(void **ut_state)
229 {
230  struct link_socket_actual from = { 0 };
231  struct tls_pre_decrypt_state state = { 0 };
232 
233  struct tls_auth_standalone tas = init_tas_crypt(true);
234  struct buffer buf = alloc_buf(1024);
235 
236  /* tls-auth should be invalid */
237  buf_write(&buf, client_reset_v2_tls_auth, sizeof(client_reset_v2_tls_auth));
238  enum first_packet_verdict verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
239  assert_int_equal(verdict, VERDICT_INVALID);
240  free_tls_pre_decrypt_state(&state);
241 
242  /* as well as the too short normal reset */
243  buf_reset_len(&buf);
244  buf_write(&buf, client_reset_v2_none, sizeof(client_reset_v2_none));
245  verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
246  assert_int_equal(verdict, VERDICT_INVALID);
247  free_tls_pre_decrypt_state(&state);
248 
249  /* the tls-crypt should validate */
250  buf_reset_len(&buf);
251  buf_write(&buf, client_reset_v2_tls_crypt, sizeof(client_reset_v2_tls_crypt));
252  verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
253  assert_int_equal(verdict, VERDICT_VALID_RESET_V2);
254  free_tls_pre_decrypt_state(&state);
255 
256  /* flip a byte in various places */
257  for (int i = 0; i<sizeof(client_reset_v2_tls_crypt); i++)
258  {
259  buf_reset_len(&buf);
260  buf_write(&buf, client_reset_v2_tls_crypt, sizeof(client_reset_v2_tls_crypt));
261  BPTR(&buf)[i] = 0x23;
262  verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
263  assert_int_equal(verdict, VERDICT_INVALID);
264  free_tls_pre_decrypt_state(&state);
265  }
266 
267  free_key_ctx_bi(&tas.tls_wrap.opt.key_ctx_bi);
268  free_tas(&tas);
269  free_buf(&buf);
270 }
271 
272 
273 void
274 test_tls_decrypt_lite_auth(void **ut_state)
275 {
276  struct link_socket_actual from = { 0 };
277  struct tls_auth_standalone tas = { 0 };
278  struct tls_pre_decrypt_state state = { 0 };
279  enum first_packet_verdict verdict;
280 
281  struct buffer buf = alloc_buf(1024);
282  tas = init_tas_auth(KEY_DIRECTION_NORMAL);
283 
284  /* Packet to short to contain the hmac */
285  buf_write(&buf, client_reset_v2_none, sizeof(client_reset_v2_none));
286 
287  verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
288  assert_int_equal(verdict, VERDICT_INVALID);
289  free_tls_pre_decrypt_state(&state);
290 
291  /* Valid tls-auth packet, should validate */
292  buf_reset_len(&buf);
293  buf_write(&buf, client_reset_v2_tls_auth, sizeof(client_reset_v2_tls_auth));
294  verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
295  assert_int_equal(verdict, VERDICT_VALID_RESET_V2);
296  free_tls_pre_decrypt_state(&state);
297 
298  free_tls_pre_decrypt_state(&state);
299  /* The pre decrypt function should not modify the buffer, so calling it
300  * again should have the same result */
301  verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
302  assert_int_equal(verdict, VERDICT_VALID_RESET_V2);
303  free_tls_pre_decrypt_state(&state);
304 
305  /* and buf memory should be equal */
306  assert_memory_equal(BPTR(&buf), client_reset_v2_tls_auth, sizeof(client_reset_v2_tls_auth));
307  free_tls_pre_decrypt_state(&state);
308 
309  buf_reset_len(&buf);
310  buf_write(&buf, client_ack_tls_auth_randomid, sizeof(client_ack_tls_auth_randomid));
311  verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
312  assert_int_equal(verdict, VERDICT_VALID_CONTROL_V1);
313  free_tls_pre_decrypt_state(&state);
314 
315  /* flip a byte in the hmac */
316  BPTR(&buf)[20] = 0x23;
317  verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
318  assert_int_equal(verdict, VERDICT_INVALID);
319  free_tls_pre_decrypt_state(&state);
320 
321  free_tls_pre_decrypt_state(&state);
322  /* Wrong key direction gives a wrong hmac key and should not validate */
323  free_key_ctx_bi(&tas.tls_wrap.opt.key_ctx_bi);
324  free_tas(&tas);
325  tas = init_tas_auth(KEY_DIRECTION_INVERSE);
326 
327  buf_reset_len(&buf);
328  buf_write(&buf, client_reset_v2_tls_auth, sizeof(client_reset_v2_tls_auth));
329  verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
330  assert_int_equal(verdict, VERDICT_INVALID);
331 
332  free_tls_pre_decrypt_state(&state);
333  free_tas(&tas);
334  free_buf(&buf);
335 }
336 
337 void
338 test_tls_decrypt_lite_none(void **ut_state)
339 {
340  struct link_socket_actual from = { 0 };
341  struct tls_auth_standalone tas = { 0 };
342  struct tls_pre_decrypt_state state = { 0 };
343 
344  struct buffer buf = alloc_buf(1024);
345  buf_write(&buf, client_reset_v2_tls_auth, sizeof(client_reset_v2_tls_auth));
346 
347  tas.tls_wrap.mode = TLS_WRAP_NONE;
348 
349  /* the method will not do additional test, so the tls-auth and tls-crypt
350  * reset will be accepted */
351  enum first_packet_verdict verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
352  assert_int_equal(verdict, VERDICT_VALID_RESET_V2);
353  free_tls_pre_decrypt_state(&state);
354 
355  buf_reset_len(&buf);
356  buf_write(&buf, client_reset_v2_none, sizeof(client_reset_v2_none));
357  verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
358  assert_int_equal(verdict, VERDICT_VALID_RESET_V2);
359  free_tls_pre_decrypt_state(&state);
360 
361  free_tls_pre_decrypt_state(&state);
362  buf_reset_len(&buf);
363  buf_write(&buf, client_reset_v2_tls_crypt, sizeof(client_reset_v2_none));
364  verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
365  assert_int_equal(verdict, VERDICT_VALID_RESET_V2);
366  free_tls_pre_decrypt_state(&state);
367 
368  free_tls_pre_decrypt_state(&state);
369 
370  /* This is not a reset packet and should trigger the other response */
371  buf_reset_len(&buf);
372  buf_write(&buf, client_ack_tls_auth_randomid, sizeof(client_ack_tls_auth_randomid));
373  verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
374  assert_int_equal(verdict, VERDICT_VALID_CONTROL_V1);
375 
376  free_tls_pre_decrypt_state(&state);
377  free_buf(&buf);
378  free_tas(&tas);
379 }
380 
381 static void
382 test_parse_ack(void **ut_state)
383 {
384  struct buffer buf = alloc_buf(1024);
385  buf_write(&buf, client_control_with_ack, sizeof(client_control_with_ack));
386 
387  /* skip over op code and peer session id */
388  buf_advance(&buf, 9);
389 
390  struct reliable_ack ack;
391  struct session_id sid;
392  bool ret;
393 
394  ret = reliable_ack_parse(&buf, &ack, &sid);
395  assert_true(ret);
396 
397  assert_int_equal(ack.len, 1);
398  assert_int_equal(ack.packet_id[0], 0);
399 
400  struct session_id expected_id = { .id = {0xea, 0xfe, 0xbf, 0xa4, 0x41, 0x8a, 0xe3, 0x1b }};
401  assert_memory_equal(&sid, &expected_id, SID_SIZE);
402 
403  buf_reset_len(&buf);
404  buf_write(&buf, client_ack_none_random_id, sizeof(client_ack_none_random_id));
405 
406  /* skip over op code and peer session id */
407  buf_advance(&buf, 9);
408  ret = reliable_ack_parse(&buf, &ack, &sid);
409  assert_true(ret);
410 
411  assert_int_equal(ack.len, 1);
412  assert_int_equal(ack.packet_id[0], 0);
413 
414  struct session_id expected_id2 = { .id = {0xdd, 0x85, 0xdb, 0x53, 0x56, 0x23, 0xb0, 0x2e }};
415  assert_memory_equal(&sid, &expected_id2, SID_SIZE);
416 
417  buf_reset_len(&buf);
418  buf_write(&buf, client_reset_v2_none, sizeof(client_reset_v2_none));
419 
420  /* skip over op code and peer session id */
421  buf_advance(&buf, 9);
422  ret = reliable_ack_parse(&buf, &ack, &sid);
423 
424  free_buf(&buf);
425 }
426 
427 static void
428 test_verify_hmac_tls_auth(void **ut_state)
429 {
430  hmac_ctx_t *hmac = session_id_hmac_init();
431 
432  struct link_socket_actual from = { 0 };
433  struct tls_auth_standalone tas = { 0 };
434  struct tls_pre_decrypt_state state = { 0 };
435 
436  struct buffer buf = alloc_buf(1024);
437  enum first_packet_verdict verdict;
438 
439  tas = init_tas_auth(KEY_DIRECTION_NORMAL);
440 
441  buf_reset_len(&buf);
442  buf_write(&buf, client_ack_tls_auth_randomid, sizeof(client_ack_tls_auth_randomid));
443  verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
444  assert_int_equal(verdict, VERDICT_VALID_CONTROL_V1);
445 
446  /* This is a valid packet but containing a random id instead of an HMAC id*/
447  bool valid = check_session_id_hmac(&state, &from.dest, hmac, 30);
448  assert_false(valid);
449 
450  free_tls_pre_decrypt_state(&state);
451  free_buf(&buf);
452  free_tas(&tas);
453  hmac_ctx_cleanup(hmac);
454  hmac_ctx_free(hmac);
455 }
456 
457 static void
458 test_verify_hmac_none(void **ut_state)
459 {
460  hmac_ctx_t *hmac = session_id_hmac_init();
461 
462  struct link_socket_actual from = { 0 };
463  from.dest.addr.sa.sa_family = AF_INET;
464 
465  struct tls_auth_standalone tas = { 0 };
466  struct tls_pre_decrypt_state state = { 0 };
467 
468  struct buffer buf = alloc_buf(1024);
469  enum first_packet_verdict verdict;
470 
471  tas.tls_wrap.mode = TLS_WRAP_NONE;
472 
473  buf_reset_len(&buf);
474  buf_write(&buf, client_ack_none_random_id, sizeof(client_ack_none_random_id));
475  verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
476  assert_int_equal(verdict, VERDICT_VALID_ACK_V1);
477 
478  bool valid = check_session_id_hmac(&state, &from.dest, hmac, 30);
479  assert_true(valid);
480 
481  free_tls_pre_decrypt_state(&state);
482  free_buf(&buf);
483  hmac_ctx_cleanup(hmac);
484  hmac_ctx_free(hmac);
485 }
486 
487 static hmac_ctx_t *
488 init_static_hmac(void)
489 {
490  ASSERT(md_valid("SHA256"));
491  hmac_ctx_t *hmac_ctx = hmac_ctx_new();
492 
493  uint8_t key[SHA256_DIGEST_LENGTH] = {1, 2, 3, 0};
494 
495  hmac_ctx_init(hmac_ctx, key, "SHA256");
496  return hmac_ctx;
497 }
498 
499 static void
500 test_calc_session_id_hmac_static(void **ut_state)
501 {
502  hmac_ctx_t *hmac = init_static_hmac();
503  static const int handwindow = 100;
504 
505  struct openvpn_sockaddr addr = { 0 };
506 
507  addr.addr.in4.sin_family = AF_INET;
508  addr.addr.in4.sin_addr.s_addr = ntohl(0xff000ff);
509  addr.addr.in4.sin_port = ntohs(1195);
510 
511  struct session_id client_id = { {0, 1, 2, 3, 4, 5, 6, 7}};
512 
513  now = 1005;
514  struct session_id server_id = calculate_session_id_hmac(client_id, &addr, hmac, handwindow, 0);
515 
516 
517  struct session_id expected_server_id = {{0x84, 0x73, 0x52, 0x2b, 0x5b, 0xa9, 0x2a, 0x70}};
518  /* We have to deal with different structs here annoyingly */
519  /* Linux has an unsigned short int as family_t and this is field is always
520  * stored in host endianness even though the rest of the struct isn't...,
521  * so Linux little endian differs from all BSD and Linux big endian */
522  if (sizeof(addr.addr.in4.sin_family) == sizeof(unsigned short int)
523  && ntohs(AF_INET) != AF_INET)
524  {
525  struct session_id linuxle = {{0x8b, 0xeb, 0x3d, 0x20, 0x14, 0x53, 0xbe, 0x0a }};
526  expected_server_id = linuxle;
527  }
528  assert_memory_equal(expected_server_id.id, server_id.id, SID_SIZE);
529 
530  struct session_id server_id_m1 = calculate_session_id_hmac(client_id, &addr, hmac, handwindow, -1);
531  struct session_id server_id_p1 = calculate_session_id_hmac(client_id, &addr, hmac, handwindow, 1);
532  struct session_id server_id_p2 = calculate_session_id_hmac(client_id, &addr, hmac, handwindow, 2);
533 
534  assert_memory_not_equal(expected_server_id.id, server_id_m1.id, SID_SIZE);
535  assert_memory_not_equal(expected_server_id.id, server_id_p1.id, SID_SIZE);
536 
537  /* changing the time puts us into the next hmac time window (handwindow/2=50)
538  * and shifts the ids by one */
539  now = 1062;
540 
541  struct session_id server_id2_m2 = calculate_session_id_hmac(client_id, &addr, hmac, handwindow, -2);
542  struct session_id server_id2_m1 = calculate_session_id_hmac(client_id, &addr, hmac, handwindow, -1);
543  struct session_id server_id2 = calculate_session_id_hmac(client_id, &addr, hmac, handwindow, 0);
544  struct session_id server_id2_p1 = calculate_session_id_hmac(client_id, &addr, hmac, handwindow, 1);
545 
546  assert_memory_equal(server_id2_m2.id, server_id_m1.id, SID_SIZE);
547  assert_memory_equal(server_id2_m1.id, expected_server_id.id, SID_SIZE);
548  assert_memory_equal(server_id2.id, server_id_p1.id, SID_SIZE);
549  assert_memory_equal(server_id2_p1.id, server_id_p2.id, SID_SIZE);
550 
551  hmac_ctx_cleanup(hmac);
552  hmac_ctx_free(hmac);
553 }
554 
555 static void
556 test_generate_reset_packet_plain(void **ut_state)
557 {
558  struct link_socket_actual from = { 0 };
559  struct tls_auth_standalone tas = { 0 };
560  struct tls_pre_decrypt_state state = { 0 };
561 
562  struct session_id client_id = {{0, 1, 2, 3, 4, 5, 6, 7}};
563  struct session_id server_id = {{8, 9, 0, 9, 8, 7, 6, 2}};
564 
565  enum first_packet_verdict verdict;
566 
567  tas.tls_wrap.mode = TLS_WRAP_NONE;
568  struct frame frame = { {.headroom = 200, .payload_size = 1400}, 0};
569  tas.frame = frame;
570  tas.workbuf = alloc_buf(1600);
571 
572  uint8_t header = 0 | (P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT);
573 
574  struct buffer buf = tls_reset_standalone(&tas.tls_wrap, &tas, &client_id, &server_id, header, false);
575 
576 
577  verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
578  assert_int_equal(verdict, VERDICT_VALID_RESET_V2);
579 
580  /* Assure repeated generation of reset is deterministic/stateless*/
581  assert_memory_equal(state.peer_session_id.id, client_id.id, SID_SIZE);
582  struct buffer buf2 = tls_reset_standalone(&tas.tls_wrap, &tas, &client_id, &server_id, header, false);
583  assert_int_equal(BLEN(&buf), BLEN(&buf2));
584  assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLEN(&buf));
585 
586  free_tls_pre_decrypt_state(&state);
587  free_buf(&tas.workbuf);
588 }
589 
590 static void
591 test_generate_reset_packet_tls_auth(void **ut_state)
592 {
593  struct link_socket_actual from = { 0 };
594  struct tls_pre_decrypt_state state = { 0 };
595 
596  struct tls_auth_standalone tas_server = init_tas_auth(KEY_DIRECTION_NORMAL);
597  struct tls_auth_standalone tas_client = init_tas_auth(KEY_DIRECTION_INVERSE);
598 
599  packet_id_init(&tas_client.tls_wrap.opt.packet_id, 5, 5, "UNITTEST", 0);
600 
601  struct session_id client_id = {{0xab, 1, 2, 3, 4, 5, 6, 0xcd}};
602  struct session_id server_id = {{8, 9, 0xa, 0xc, 8, 7, 6, 2}};
603 
604  uint8_t header = 0 | (P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT);
605 
606  now = 0x22446688;
607  reset_packet_id_send(&tas_client.tls_wrap.opt.packet_id.send);
608  struct buffer buf = tls_reset_standalone(&tas_client.tls_wrap, &tas_client, &client_id, &server_id, header, false);
609 
610  enum first_packet_verdict verdict = tls_pre_decrypt_lite(&tas_server, &state, &from, &buf);
611  assert_int_equal(verdict, VERDICT_VALID_RESET_V2);
612 
613  assert_memory_equal(state.peer_session_id.id, client_id.id, SID_SIZE);
614 
615  /* Assure repeated generation of reset is deterministic/stateless*/
616  reset_packet_id_send(&tas_client.tls_wrap.opt.packet_id.send);
617  struct buffer buf2 = tls_reset_standalone(&tas_client.tls_wrap, &tas_client, &client_id, &server_id, header, false);
618  assert_int_equal(BLEN(&buf), BLEN(&buf2));
619  assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLEN(&buf));
620 
621  free_tls_pre_decrypt_state(&state);
622 
623  packet_id_free(&tas_client.tls_wrap.opt.packet_id);
624 
625  free_tas(&tas_client);
626  free_tas(&tas_server);
627 }
628 
629 int
630 main(void)
631 {
632  openvpn_unit_test_setup();
633  const struct CMUnitTest tests[] = {
634  cmocka_unit_test(test_tls_decrypt_lite_none),
635  cmocka_unit_test(test_tls_decrypt_lite_auth),
636  cmocka_unit_test(test_tls_decrypt_lite_crypt),
637  cmocka_unit_test(test_parse_ack),
638  cmocka_unit_test(test_calc_session_id_hmac_static),
639  cmocka_unit_test(test_verify_hmac_none),
640  cmocka_unit_test(test_verify_hmac_tls_auth),
641  cmocka_unit_test(test_generate_reset_packet_plain),
642  cmocka_unit_test(test_generate_reset_packet_tls_auth),
643  };
644 
645 #if defined(ENABLE_CRYPTO_OPENSSL)
646  OpenSSL_add_all_algorithms();
647 #endif
648 
649  int ret = cmocka_run_group_tests_name("pkt tests", tests, NULL, NULL);
650 
651 #if defined(ENABLE_CRYPTO_OPENSSL)
652  EVP_cleanup();
653 #endif
654 
655  return ret;
656 }
VERDICT_VALID_RESET_V2
@ VERDICT_VALID_RESET_V2
This packet is a valid reset packet from the peer (all but tls-crypt-v2)
Definition: ssl_pkt.h:86
hmac_ctx_cleanup
void hmac_ctx_cleanup(hmac_ctx_t *ctx)
print_link_socket_actual
const char * print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc)
Definition: test_pkt.c:67
openvpn_sockaddr::addr
union openvpn_sockaddr::@14 addr
ssl_backend.h
tls_wrap_ctx::original_wrap_keydata
struct key2 original_wrap_keydata
original key data to be xored in to the key for dynamic tls-crypt.
Definition: ssl_common.h:289
VERDICT_INVALID
@ VERDICT_INVALID
the packet failed on of the various checks
Definition: ssl_pkt.h:97
hmac_ctx_t
mbedtls_md_context_t hmac_ctx_t
Generic HMAC context.
Definition: crypto_mbedtls.h:46
packet_id_init
void packet_id_init(struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit)
Definition: packet_id.c:79
P_CONTROL_HARD_RESET_CLIENT_V2
#define P_CONTROL_HARD_RESET_CLIENT_V2
Definition: ssl_pkt.h:51
KEY_DIRECTION_NORMAL
#define KEY_DIRECTION_NORMAL
Definition: crypto.h:172
client_ack_none_random_id
const uint8_t client_ack_none_random_id[]
Definition: test_pkt.c:172
test_common.h
first_packet_verdict
first_packet_verdict
Definition: ssl_pkt.h:84
tls_reset_standalone
struct buffer tls_reset_standalone(struct tls_wrap_ctx *ctx, struct tls_auth_standalone *tas, struct session_id *own_sid, struct session_id *remote_sid, uint8_t header, bool request_resend_wkc)
This function creates a reset packet using the information from the tls pre decrypt state.
Definition: ssl_pkt.c:428
tls_pre_decrypt_lite
enum first_packet_verdict tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, struct tls_pre_decrypt_state *state, const struct link_socket_actual *from, const struct buffer *buf)
Inspect an incoming packet for which no VPN tunnel is active, and determine whether a new VPN tunnel ...
Definition: ssl_pkt.c:307
client_control_with_ack
const uint8_t client_control_with_ack[]
Definition: test_pkt.c:165
test_calc_session_id_hmac_static
static void test_calc_session_id_hmac_static(void **ut_state)
Definition: test_pkt.c:500
session_id_hmac_init
hmac_ctx_t * session_id_hmac_init(void)
Definition: ssl_pkt.c:473
VERDICT_VALID_CONTROL_V1
@ VERDICT_VALID_CONTROL_V1
This packet is a valid control packet from the peer.
Definition: ssl_pkt.h:90
free_tls_pre_decrypt_state
void free_tls_pre_decrypt_state(struct tls_pre_decrypt_state *state)
Definition: ssl_pkt.c:285
client_reset_v2_tls_auth
const uint8_t client_reset_v2_tls_auth[]
Definition: test_pkt.c:102
KEY_DIRECTION_INVERSE
#define KEY_DIRECTION_INVERSE
Definition: crypto.h:173
openvpn_sockaddr
Definition: socket.h:65
reliable_ack_parse
bool reliable_ack_parse(struct buffer *buf, struct reliable_ack *ack, struct session_id *session_id_remote)
Parse an acknowledgment record from a received packet.
Definition: reliable.c:173
P_OPCODE_SHIFT
#define P_OPCODE_SHIFT
Definition: ssl_pkt.h:39
options.h
tls_crypt.h
tls_auth_standalone::workbuf
struct buffer workbuf
Definition: ssl_pkt.h:80
frame
Packet geometry parameters.
Definition: mtu.h:98
test_verify_hmac_none
static void test_verify_hmac_none(void **ut_state)
Definition: test_pkt.c:458
crypto_read_openvpn_key
void crypto_read_openvpn_key(const struct key_type *key_type, struct key_ctx_bi *ctx, const char *key_file, bool key_inline, const int key_direction, const char *key_name, const char *opt_name, struct key2 *keydata)
Definition: crypto.c:1094
buf_reset_len
static void buf_reset_len(struct buffer *buf)
Definition: buffer.h:312
key
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:149
init_tas_crypt
struct tls_auth_standalone init_tas_crypt(bool server)
Definition: test_pkt.c:202
test_pkt_context
Definition: test_pkt.c:72
session_id
Definition: session_id.h:38
reliable_ack::len
int len
Definition: reliable.h:63
tls_auth_standalone::frame
struct frame frame
Definition: ssl_pkt.h:81
free_key_ctx_bi
void free_key_ctx_bi(struct key_ctx_bi *ctx)
Definition: crypto.c:906
tls_wrap_ctx::opt
struct crypto_options opt
Crypto state.
Definition: ssl_common.h:273
reliable.h
ASSERT
#define ASSERT(x)
Definition: error.h:195
client_reset_v2_none
const uint8_t client_reset_v2_none[]
Definition: test_pkt.c:98
tls_pre_decrypt_state::peer_session_id
struct session_id peer_session_id
Definition: ssl_pkt.h:107
buf_advance
static bool buf_advance(struct buffer *buf, int size)
Definition: buffer.h:623
link_socket_actual
Definition: socket.h:86
tls_crypt_kt
static struct key_type tls_crypt_kt(void)
Definition: tls_crypt.c:49
reset_packet_id_send
static void reset_packet_id_send(struct packet_id_send *p)
Reset the current send packet id to its initial state.
Definition: packet_id.h:301
openvpn_sockaddr::sa
struct sockaddr sa
Definition: socket.h:69
BLEN
#define BLEN(buf)
Definition: buffer.h:127
test_tls_decrypt_lite_none
void test_tls_decrypt_lite_none(void **ut_state)
Definition: test_pkt.c:338
SID_SIZE
#define SID_SIZE
Definition: session_id.h:45
openvpn_sockaddr::in4
struct sockaddr_in in4
Definition: socket.h:70
free_tas
void free_tas(struct tls_auth_standalone *tas)
Definition: test_pkt.c:218
tls_wrap_ctx::work
struct buffer work
Work buffer (only for –tls-crypt)
Definition: ssl_common.h:274
tls_pre_decrypt_state
struct that stores the temporary data for the tls lite decrypt functions
Definition: ssl_pkt.h:104
main
int main(void)
Definition: test_pkt.c:630
crypto.h
parse_line
int parse_line(const char *line, char **p, const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition: test_pkt.c:48
test_tls_decrypt_lite_auth
void test_tls_decrypt_lite_auth(void **ut_state)
Definition: test_pkt.c:274
static_key
const char static_key[]
Definition: test_pkt.c:77
init_tas_auth
struct tls_auth_standalone init_tas_auth(int key_direction)
Definition: test_pkt.c:179
reliable_ack::packet_id
packet_id_type packet_id[RELIABLE_ACK_SIZE]
Definition: reliable.h:64
tls_crypt_init_key
void tls_crypt_init_key(struct key_ctx_bi *key, struct key2 *keydata, const char *key_file, bool key_inline, bool tls_server)
Initialize a key_ctx_bi structure for use with –tls-crypt.
Definition: tls_crypt.c:61
test_pkt_context::tas_tls_auth
struct tls_auth_standalone tas_tls_auth
Definition: test_pkt.c:73
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
test_generate_reset_packet_tls_auth
static void test_generate_reset_packet_tls_auth(void **ut_state)
Definition: test_pkt.c:591
key_state_export_keying_material
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition: test_pkt.c:59
calculate_session_id_hmac
struct session_id calculate_session_id_hmac(struct session_id client_sid, const struct openvpn_sockaddr *from, hmac_ctx_t *hmac, int handwindow, int offset)
Calculates the HMAC based server session id based on a client session id and socket addr.
Definition: ssl_pkt.c:487
hmac_ctx_free
void hmac_ctx_free(hmac_ctx_t *ctx)
key_type
Definition: crypto.h:139
test_generate_reset_packet_plain
static void test_generate_reset_packet_plain(void **ut_state)
Definition: test_pkt.c:556
buf_write
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition: buffer.h:673
test_pkt_context::tas_crypt
struct tls_auth_standalone tas_crypt
Definition: test_pkt.c:74
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition: ssl_common.h:471
syshead.h
BPTR
#define BPTR(buf)
Definition: buffer.h:124
session_id::id
uint8_t id[8]
Definition: session_id.h:40
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
openvpn_unit_test_setup
static void openvpn_unit_test_setup(void)
Sets up the environment for unit tests like making both stderr and stdout non-buffered to avoid messa...
Definition: test_common.h:36
test_tls_decrypt_lite_crypt
void test_tls_decrypt_lite_crypt(void **ut_state)
Definition: test_pkt.c:228
test_verify_hmac_tls_auth
static void test_verify_hmac_tls_auth(void **ut_state)
Definition: test_pkt.c:428
tls_auth_standalone::tls_wrap
struct tls_wrap_ctx tls_wrap
Definition: ssl_pkt.h:79
free_buf
void free_buf(struct buffer *buf)
Definition: buffer.c:183
init_static_hmac
static hmac_ctx_t * init_static_hmac(void)
Definition: test_pkt.c:488
SHA256_DIGEST_LENGTH
#define SHA256_DIGEST_LENGTH
Definition: crypto_mbedtls.h:77
ssl_pkt.h
packet_id::send
struct packet_id_send send
Definition: packet_id.h:202
client_reset_v2_tls_crypt
const uint8_t client_reset_v2_tls_crypt[]
Definition: test_pkt.c:110
CO_PACKET_ID_LONG_FORM
#define CO_PACKET_ID_LONG_FORM
Bit-flag indicating whether to use OpenVPN's long packet ID format.
Definition: crypto.h:250
mss.h
crypto_options::key_ctx_bi
struct key_ctx_bi key_ctx_bi
OpenSSL cipher and HMAC contexts for both sending and receiving directions.
Definition: crypto.h:232
test_parse_ack
static void test_parse_ack(void **ut_state)
Definition: test_pkt.c:382
now
time_t now
Definition: otime.c:34
check_session_id_hmac
bool check_session_id_hmac(struct tls_pre_decrypt_state *state, const struct openvpn_sockaddr *from, hmac_ctx_t *hmac, int handwindow)
Checks if a control packet has a correct HMAC server session id.
Definition: ssl_pkt.c:529
config.h
hmac_ctx_new
hmac_ctx_t * hmac_ctx_new(void)
Definition: crypto_openssl.c:1186
CO_IGNORE_PACKET_ID
#define CO_IGNORE_PACKET_ID
Bit-flag indicating whether to ignore the packet ID of a received packet.
Definition: crypto.h:253
hmac_ctx_init
void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const char *mdname)
init_key_type
void init_key_type(struct key_type *kt, const char *ciphername, const char *authname, bool tls_mode, bool warn)
Initialize a key_type structure with.
Definition: crypto.c:744
session
Definition: keyingmaterialexporter.c:56
md_valid
bool md_valid(const char *digest)
Return if a message digest parameters is valid given the name of the digest.
Definition: crypto_openssl.c:1038
client_ack_tls_auth_randomid
const uint8_t client_ack_tls_auth_randomid[]
Definition: test_pkt.c:120
crypto_options::packet_id
struct packet_id packet_id
Current packet ID state for both sending and receiving directions.
Definition: crypto.h:236
link_socket_actual::dest
struct openvpn_sockaddr dest
Definition: socket.h:90
VERDICT_VALID_ACK_V1
@ VERDICT_VALID_ACK_V1
This packet is a valid ACK control packet from the peer, i.e.
Definition: ssl_pkt.h:93
crypto_options::flags
unsigned int flags
Bit-flags determining behavior of security operation functions.
Definition: crypto.h:283
alloc_buf
struct buffer alloc_buf(size_t size)
Definition: buffer.c:62
packet_id_free
void packet_id_free(struct packet_id *p)
Definition: packet_id.c:102
tls_wrap_ctx::mode
enum tls_wrap_ctx::@17 mode
Control channel wrapping mode.
reliable_ack
The acknowledgment structure in which packet IDs are stored for later acknowledgment.
Definition: reliable.h:61
frame::headroom
int headroom
the headroom in the buffer, this is choosen to allow all potential header to be added before the pack...
Definition: mtu.h:108
tls_auth_standalone
Definition: ssl_pkt.h:77
Generated by   doxygen 1.8.17